Toll Group still recovering from ransomware attack
Australian logistics company Toll Group has been forced to shut down some core IT systems after falling victim to a ransomware attack for a second time this year.
The attack on 5 May has been traced to the new Nefilim ransomware, part of a new wave of “double extortion” ransomware attacks in which data is both encrypted and exfiltrated to the attackers, who threaten to publish the data online if the victim does not pay the ransom.
Toll Group has announced that it had securely reactivated its core IT systems as of 7 May, but that a number of customer-facing applications remained offline as of 11 May. The restoration work is expected to continue throughout this week.
The attack has caused delays in some parts of the network, but Toll has switched to taking bookings over the phone via its call centres, and freight shipments and parcel deliveries are moving “by and large” as normal.
Meanwhile, Toll has revealed it has no intention of paying any ransom, and despite Nefilim’s typical double-extortion methodology, the company has no evidence to date that any data was exfiltrated from its network.
“We continue to prioritise the movement of essential items including medical and healthcare supplies,” Toll Group’s latest update states. “Email access has been restored for Toll employees who operate on our cloud-based platforms.”
Toll Group added that it is continuing to support its large enterprise customers whose services are affected by the disruption to Toll’s online operations.
The company is working with the Australian Cyber Security Centre (ACSC) to investigate and resolve the incident.
The Nefilim ransomware is commonly distributed through exposed remote desktop protocol (RDP) ports, and uses AES-128 encryption to encrypt a victim’s files.
Toll Group was forced to pull its systems offline in January after falling victim to a major ransomware attack involving the Mailto ransomware.
While at the time ACSC said there was no evidence the attack was part of a broader campaign, rival Henning Harders also suffered a ransomware attack in March.